Mark Felder 
								
							 
						 
						
							
							
							
							
								
							
							
								d56772c813 
								
							 
						 
						
							
							
								
								proxy buffering still needs to be off  
							
							
							
						 
						
							2018-12-12 17:36:00 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Mark Felder 
								
							 
						 
						
							
							
							
							
								
							
							
								48c4f88ffd 
								
							 
						 
						
							
							
								
								Update proxy config to improve behavior and allow compatibility with Safari on MacOS and iOS  
							
							
							
						 
						
							2018-12-12 17:31:47 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									href 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								97b00d366f 
								
							 
						 
						
							
							
								
								reverse_proxy: more headers  
							
							
							
						 
						
							2018-11-30 18:00:57 +01:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									lambda 
								
							 
						 
						
							
							
							
							
								
							
							
								c3f562a611 
								
							 
						 
						
							
							
								
								Merge branch 'add-MIX_ENV-to-systemd-example' into 'develop'  
							
							... 
							
							
							
							Add MIX_ENV=prod to systemd example file
See merge request pleroma/pleroma!445  
							
						 
						
							2018-11-13 12:24:29 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									shibayashi 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								124a9bb7a5 
								
							 
						 
						
							
							
								
								Add MIX_ENV=prod  
							
							
							
						 
						
							2018-11-12 23:01:06 +01:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									William Pitcock 
								
							 
						 
						
							
							
							
							
								
							
							
								e4bd5a6950 
								
							 
						 
						
							
							
								
								example configs: kill STS/CT headers  
							
							
							
						 
						
							2018-11-11 06:56:46 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									William Pitcock 
								
							 
						 
						
							
							
							
							
								
							
							
								057a9017b3 
								
							 
						 
						
							
							
								
								example configs: remove obsolete CSP configuration  
							
							
							
						 
						
							2018-11-11 06:12:26 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									William Pitcock 
								
							 
						 
						
							
							
							
							
								
							
							
								fd918863aa 
								
							 
						 
						
							
							
								
								nginx example config: remove CORS headers, now managed by CORSPlug.  
							
							
							
						 
						
							2018-11-11 05:42:30 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									kaniini 
								
							 
						 
						
							
							
							
							
								
							
							
								e1c40b8ca2 
								
							 
						 
						
							
							
								
								Merge branch 'patch-2' into 'develop'  
							
							... 
							
							
							
							Remove Access-Control-Allow-Origin in pleroma.nginx
See merge request pleroma/pleroma!424  
							
						 
						
							2018-11-06 21:24:16 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Hakaba Hitoyo 
								
							 
						 
						
							
							
							
							
								
							
							
								3ea4f9ac8d 
								
							 
						 
						
							
							
								
								Remove Access-Control-Allow-Origin  
							
							
							
						 
						
							2018-11-05 04:18:43 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									shibayashi 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								800d233631 
								
							 
						 
						
							
							
								
								Use example.tld so a single search and replace works  
							
							
							
						 
						
							2018-11-04 14:06:18 +01:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									shibayashi 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								941f9a888c 
								
							 
						 
						
							
							
								
								Update instructions  
							
							
							
						 
						
							2018-11-03 23:59:52 +01:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									shibayashi 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								732d3fce73 
								
							 
						 
						
							
							
								
								Use the same example domain in all config examples  
							
							
							
						 
						
							2018-11-03 23:44:26 +01:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									shibayashi 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								56c49513e0 
								
							 
						 
						
							
							
								
								Use the server name as variable  
							
							
							
						 
						
							2018-11-03 23:41:37 +01:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									shibayashi 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								043cb7138e 
								
							 
						 
						
							
							
								
								Add a little bit more detail in the comments.  
							
							
							
						 
						
							2018-10-25 00:57:47 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									shibayashi 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								0a58428de6 
								
							 
						 
						
							
							
								
								Add some security related directives to the systemd service example  
							
							
							
						 
						
							2018-10-25 00:37:31 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									barrucadu 
								
							 
						 
						
							
							
							
							
								
							
							
								a32e013909 
								
							 
						 
						
							
							
								
								Relax form-action content security policy  
							
							... 
							
							
							
							'self' only allows forms submitted to the same origin, which
breaks the "remote follow" form.  To allow remote following,
we want to allow forms to be submitted to any host. 
							
						 
						
							2018-09-28 22:17:19 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									shibayashi 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								8a4e2f48bf 
								
							 
						 
						
							
							
								
								installation/pleroma-apache.conf: OCSP stapling needs to be outside of the virtualhost directive  
							
							
							
						 
						
							2018-09-03 21:41:21 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									shibayashi 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								d027c53d75 
								
							 
						 
						
							
							
								
								Add frame-ancestors 'none' to all configs  
							
							
							
						 
						
							2018-08-30 11:10:16 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									shibayashi 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								d035566116 
								
							 
						 
						
							
							
								
								installation/pleroma.nginx: Add 'always' to the security headers, so that they are included regardless of the status code  
							
							
							
						 
						
							2018-08-29 19:00:40 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									shibayashi 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								64388c420a 
								
							 
						 
						
							
							
								
								installation/pleroma-apache.conf: Add TLS configuration and security headers  
							
							
							
						 
						
							2018-08-29 01:29:04 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									shibayashi 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								3487e15963 
								
							 
						 
						
							
							
								
								installation/pleroma.vcl: Add HTTP security headers  
							
							
							
						 
						
							2018-08-29 01:28:10 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									shibayashi 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								82e661cd07 
								
							 
						 
						
							
							
								
								installation/caddyfile-pleroma.example: Add Content-Security-Policy  
							
							
							
						 
						
							2018-08-29 01:16:13 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Haelwenn (lanodan) Monnier 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								0fd2eaf7af 
								
							 
						 
						
							
							
								
								installation/pleroma.nginx: Add Content-Security-Policy  
							
							... 
							
							
							
							Closes: https://git.pleroma.social/pleroma/pleroma/issues/266  
							
						 
						
							2018-08-28 20:54:50 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									shibayashi 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								bff5ed154f 
								
							 
						 
						
							
							
								
								Improve example Caddyfile  
							
							
							
						 
						
							2018-08-26 03:36:52 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									vaartis 
								
							 
						 
						
							
							
							
							
								
							
							
								9c5ca9e15e 
								
							 
						 
						
							
							
								
								Add an OpenRC service  
							
							
							
						 
						
							2018-08-23 19:34:11 +03:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Artik Banana 
								
							 
						 
						
							
							
							
							
								
							
							
								394d0c94c4 
								
							 
						 
						
							
							
								
								Add comment about TLS curves for older servers.  
							
							
							
						 
						
							2018-06-16 18:14:05 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									dex 
								
							 
						 
						
							
							
							
							
								
							
							
								750cfbf38d 
								
							 
						 
						
							
							
								
								* fix nginx 1.15 warning:  
							
							... 
							
							
							
							nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead 
							
						 
						
							2018-06-13 09:54:23 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Artik Banana 
								
							 
						 
						
							
							
							
							
								
							
							
								93c614bf13 
								
							 
						 
						
							
							
								
								* Removed TLSv1 and TLSv1.1  
							
							... 
							
							
							
							* Added OCSP Stapling
* Added SSL Cache
* Changed ciphers
* Specified ECDH curves 
							
						 
						
							2018-06-11 23:01:14 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Artik Banana 
								
							 
						 
						
							
							
							
							
								
							
							
								c645a8de2b 
								
							 
						 
						
							
							
								
								Security upgrades:  
							
							... 
							
							
							
							* Removed TLSv1 and TLSv1.1
* Added OCSP Stapling
* Added SSL Cache
* Changed ciphers
* Specified ECDH curves 
							
						 
						
							2018-06-11 22:56:54 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									witti 
								
							 
						 
						
							
							
							
							
								
							
							
								13925e0eb3 
								
							 
						 
						
							
							
								
								caddy config example  
							
							
							
						 
						
							2018-06-03 20:13:33 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Dominik V. Salonen 
								
							 
						 
						
							
							
							
							
								
							
							
								a6fd9c4b00 
								
							 
						 
						
							
							
								
								Update pleroma.nginx  
							
							... 
							
							
							
							proxy_ignore_client_abort will continue to fetch from upstream even if a client aborts the connection. This is highly recommended when cache is being used. If a client leaves/refreshes the page while a user's avatar or some other media is halfway loaded, the cached copy might in some cases be broken. Leaving future requests to the same URL broken until cache expires. 
							
						 
						
							2018-05-28 10:36:27 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Niklas Poslovski 
								
							 
						 
						
							
							
							
							
								
							
							
								f0e8194a71 
								
							 
						 
						
							
							
								
								Repair some access-control headers required for third-party webclients  
							
							
							
						 
						
							2018-05-23 08:48:28 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Niklas Poslovski 
								
							 
						 
						
							
							
								
								
							
							
							
								
							
							
								d81a4e9280 
								
							 
						 
						
							
							
								
								Add access-control-expose-headers to Nginx default config  
							
							
							
						 
						
							2018-05-22 15:39:29 +02:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									lambda 
								
							 
						 
						
							
							
							
							
								
							
							
								bb864e96ad 
								
							 
						 
						
							
							
								
								Merge branch 'patch-2' into 'develop'  
							
							... 
							
							
							
							Nginx config - secure defaults
See merge request pleroma/pleroma!146  
							
						 
						
							2018-05-13 08:39:37 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									lambda 
								
							 
						 
						
							
							
							
							
								
							
							
								17bcff6445 
								
							 
						 
						
							
							
								
								Merge branch 'feld-varnish' into 'develop'  
							
							... 
							
							
							
							More varnish fixes
See merge request pleroma/pleroma!149  
							
						 
						
							2018-05-13 08:34:58 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Normandy 
								
							 
						 
						
							
							
							
							
								
							
							
								38f5f6f659 
								
							 
						 
						
							
							
								
								Remove alias directive in service file  
							
							... 
							
							
							
							Systemd will complain otherwise. 
							
						 
						
							2018-05-11 05:19:20 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Mark Felder 
								
							 
						 
						
							
							
							
							
								
							
							
								a85d051675 
								
							 
						 
						
							
							
								
								Don't strip headers from backend for /notice/ either  
							
							
							
						 
						
							2018-05-07 23:44:40 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Mark Felder 
								
							 
						 
						
							
							
							
							
								
							
							
								4233b1504f 
								
							 
						 
						
							
							
								
								Caching notice URLs does not produce pleasant results  
							
							
							
						 
						
							2018-05-07 23:43:27 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									lambda 
								
							 
						 
						
							
							
							
							
								
							
							
								a9baf955fa 
								
							 
						 
						
							
							
								
								Merge branch 'feld-varnish' into 'develop'  
							
							... 
							
							
							
							Caching /objects/ URLs breaks them in Mastoweb as they don't redirect to the /notice/
See merge request pleroma/pleroma!110  
							
						 
						
							2018-05-06 18:43:57 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Artik Banana 
								
							 
						 
						
							
							
							
							
								
							
							
								0a1fd8adf0 
								
							 
						 
						
							
							
								
								Added headers for a more secure default.  
							
							
							
						 
						
							2018-05-06 14:19:29 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									csaurus 
								
							 
						 
						
							
							
							
							
								
							
							
								1c6a691570 
								
							 
						 
						
							
							
								
								Add info about certbot with the webroot plugin to pleroma.nginx  
							
							
							
						 
						
							2018-04-20 18:43:49 -04:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Mark Felder 
								
							 
						 
						
							
							
							
							
								
							
							
								8dbb4c6c50 
								
							 
						 
						
							
							
								
								Remove hack for /about/more as we are doing this in Pleroma now  
							
							
							
						 
						
							2018-04-19 18:58:13 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Mark Felder 
								
							 
						 
						
							
							
							
							
								
							
							
								5256c712dc 
								
							 
						 
						
							
							
								
								Caching /objects/ URLs breaks them in Mastoweb as they don't redirect to the /notice/  
							
							... 
							
							
							
							Not sure why it matters if you cache it or not. What's different about this JSON blob?
Perhaps it's a header that needs to be set for the redirect to happen? 
							
						 
						
							2018-04-13 13:40:24 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									lambda 
								
							 
						 
						
							
							
							
							
								
							
							
								6ff583e5e1 
								
							 
						 
						
							
							
								
								Merge branch 'feld-varnish' into 'develop'  
							
							... 
							
							
							
							Remove attempted caching of toots
See merge request pleroma/pleroma!106  
							
						 
						
							2018-04-10 14:45:46 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Mark Felder 
								
							 
						 
						
							
							
							
							
								
							
							
								fcb32345d7 
								
							 
						 
						
							
							
								
								Remove attempted caching of toots  
							
							... 
							
							
							
							This does not work as expected. We should not attempt to be clever here.
Varnish will do the right thing if we just teach Pleroma to set headers
properly for content we know can be cached. 
							
						 
						
							2018-04-10 14:17:23 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Stanislas 
								
							 
						 
						
							
							
							
							
								
							
							
								73ca18744e 
								
							 
						 
						
							
							
								
								Indentation for Apache vhost  
							
							
							
						 
						
							2018-04-10 08:08:27 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									lambda 
								
							 
						 
						
							
							
							
							
								
							
							
								210755ac46 
								
							 
						 
						
							
							
								
								Merge branch 'develop' into 'develop'  
							
							... 
							
							
							
							Fix max upload size in nginx config.
See merge request pleroma/pleroma!102  
							
						 
						
							2018-04-09 08:41:34 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									nepfag 
								
							 
						 
						
							
							
							
							
								
							
							
								5cb3d441bc 
								
							 
						 
						
							
							
								
								Apache config for everything on one host.  
							
							
							
						 
						
							2018-04-08 19:22:24 +00:00 
							
								 
							
						 
					 
				
					
						
							
								
								
									Hector A. Escobedo 
								
							 
						 
						
							
							
							
							
								
							
							
								7e262c2997 
								
							 
						 
						
							
							
								
								Fix max upload size in nginx config.  
							
							... 
							
							
							
							The built-in nginx default does not allow users to upload images
larger than 1 MB. This increases the maximum request size to match
the default Pleroma config upload_limit parameter. Some helpful
comments were also added. 
							
						 
						
							2018-04-08 11:21:29 -04:00